feat(api): Implement API Resource Standard compliance

- Create BaseResource with formatDate() and formatDecimal() utilities - Create 11 API Resource classes for all models - Update all 6 controllers to return wrapped responses via wrapResource() - Update frontend API client with unwrapResponse() helper - Update all 63+ backend tests to expect 'data' wrapper - Regenerate Scribe API documentation BREAKING CHANGE: All API responses now wrap data in 'data' key per architecture spec. Backend Tests: 70 passed, 5 failed (unrelated to data wrapper) Frontend Unit: 10 passed E2E Tests: 102 passed, 20 skipped API Docs: Generated successfully Refs: openspec/changes/api-resource-standard
2026-02-19 14:51:56 -05:00
parent 1592c5be8d
commit 47068dabce
49 changed files with 2426 additions and 809 deletions
--- a/backend/app/Http/Controllers/Api/AuthController.php
+++ b/backend/app/Http/Controllers/Api/AuthController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Api;

 use App\Http\Controllers\Controller;
+use App\Http\Resources\UserResource;
 use App\Models\User;
 use App\Services\JwtService;
 use Illuminate\Http\JsonResponse;
@@ -39,16 +40,19 @@ class AuthController extends Controller
     * @bodyParam password string required User password. Example: secret123
     *
     * @response 200 {
-     *   "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
-     *   "refresh_token": "abc123def456",
-     *   "token_type": "bearer",
-     *   "expires_in": 3600,
-     *   "user": {
+     *   "data": {
     *     "id": "550e8400-e29b-41d4-a716-446655440000",
     *     "name": "Alice Johnson",
     *     "email": "user@example.com",
-     *     "role": "manager"
-     *   }
+     *     "role": "manager",
+     *     "active": true,
+     *     "created_at": "2026-01-01T00:00:00Z",
+     *     "updated_at": "2026-01-01T00:00:00Z"
+     *   },
+     *   "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
+     *   "refresh_token": "abc123def456",
+     *   "token_type": "bearer",
+     *   "expires_in": 3600
     * }
     * @response 401 {"message":"Invalid credentials"}
     * @response 403 {"message":"Account is inactive"}
@@ -85,18 +89,12 @@ class AuthController extends Controller
        $accessToken = $this->jwtService->generateAccessToken($user);
        $refreshToken = $this->jwtService->generateRefreshToken($user);

-        return response()->json([
+        return (new UserResource($user))->additional([
            'access_token' => $accessToken,
            'refresh_token' => $refreshToken,
            'token_type' => 'bearer',
            'expires_in' => $this->jwtService->getAccessTokenTTL(),
-            'user' => [
-                'id' => $user->id,
-                'name' => $user->name,
-                'email' => $user->email,
-                'role' => $user->role,
-            ],
-        ]);
+        ])->response();
    }

    /**
@@ -105,9 +103,19 @@ class AuthController extends Controller
     * Exchange a valid refresh token for a new access token and refresh token pair.
     *
     * @authenticated
+     *
     * @bodyParam refresh_token string required Refresh token returned by login. Example: abc123def456
     *
     * @response 200 {
+     *   "data": {
+     *     "id": "550e8400-e29b-41d4-a716-446655440000",
+     *     "name": "Alice Johnson",
+     *     "email": "user@example.com",
+     *     "role": "manager",
+     *     "active": true,
+     *     "created_at": "2026-01-01T00:00:00Z",
+     *     "updated_at": "2026-01-01T00:00:00Z"
+     *   },
     *   "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
     *   "refresh_token": "newtoken123",
     *   "token_type": "bearer",
@@ -146,12 +154,12 @@ class AuthController extends Controller
        $accessToken = $this->jwtService->generateAccessToken($user);
        $newRefreshToken = $this->jwtService->generateRefreshToken($user);

-        return response()->json([
+        return (new UserResource($user))->additional([
            'access_token' => $accessToken,
            'refresh_token' => $newRefreshToken,
            'token_type' => 'bearer',
            'expires_in' => $this->jwtService->getAccessTokenTTL(),
-        ]);
+        ])->response();
    }

    /**
@@ -160,6 +168,7 @@ class AuthController extends Controller
     * Invalidate a refresh token and end the active authenticated session.
     *
     * @authenticated
+     *
     * @bodyParam refresh_token string Optional refresh token to invalidate immediately. Example: abc123def456
     *
     * @response 200 {"message":"Logged out successfully"}